Monday, July 05, 2010

Flash: Hey Adobe, learn to write an updater!

As we all know, Adobe Flash has had more than its share of security vulnerabilities and the concomitant flurry of updates recently. I’ve recently seen several machines where the Flash updates just don’t work. It seems to screw up on all kinds of things:

  1. People tend to only reboot once in awhile now that sleep/resume works well. They’ll now reboot at maybe monthly intervals. Up comes the flash update message and they tell it to update. Who knows what the logic is in the updater, but it will pick one (Firefox or IE) to update. It updates that one and leaves the “other” Flash vulnerable. Fail.
  2. A person goes to the Adobe site to update Flash themselves. After they get through the screen where they need to turn off unneeded security scans from McAfee, spyware toolbars from Google, etc. and actually get the download it wants to install the Adobe Download Manager (or DLM). This wondrous tool loves to install, download the update, then randomly show that it failed. Convince it to try again and it says something to the effect that “no, I said I failed you moron”. So then you try to update your other browser and that one works. But the one where DLM failed doesn’t even have flash anymore. Well, at least it is secure. The other part of this is that Adobe is doing their best to hide the download links for install_flash_ax.exe (ActiveX) and install_flash.exe (NPAPI) so that you can only get things with their busted-ass DLM. Fail.

Please, Adobe: Put the links to the actual EXE downloads back at a higher level on your site with text like this, “In the all to common event that our DLM fails to update your install of Flash, download the appropriate updater here.”

Oh yeah – and fix your DLM. While you are at it, make the updater that appears when users logon to their machine update ANY and ALL versions of Flash on the machine.

No comments: